[xmlsec] exc c14n w/o comments bug
Tomas Sieger
tomas.sieger at systinet.com
Tue May 4 07:48:16 PDT 2004
Hi,
I found another "mutation" of the bug I already reported several weeks
ago: multiple namespace declaration in the output of the exclusive c14n
w/o comments.
This time, the bug is really serious. Even libxml2 can't parse its own
output :-))).
You can reproduce the bug using the attached files.
Run:
./testC14N --exc-without-comments b.xml b.xpath
I can see this output:
<wn1:ticket
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wn0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wn1="http://xmlsoap.org/Ping" wn0:Id="Id-Ticket1" i:nil="true"
i:type="wn1:ticketType"></wn1:ticket>
Note the "i" namespace is declared for two times!
regards,
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: b.xml
Type: text/xml
Size: 710 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20040504/2d855293/b.xml
-------------- next part --------------
<XPath xmlns:wn1="http://xmlsoap.org/Ping">
(//. | //@* | //namespace::*)[ancestor-or-self::wn1:ticket]
</XPath>
More information about the xmlsec
mailing list